lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241105144340.GQ27775@pendragon.ideasonboard.com>
Date: Tue, 5 Nov 2024 16:43:40 +0200
From: Laurent Pinchart <laurent.pinchart@...asonboard.com>
To: Ricardo Ribalda <ribalda@...omium.org>
Cc: Mauro Carvalho Chehab <mchehab@...nel.org>, linux-media@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] media: uvcvideo: Remove refcounted cleanup

On Tue, Nov 05, 2024 at 02:32:39PM +0000, Ricardo Ribalda wrote:
> After commit c9ec6f173636 ("media: uvcvideo: Stop stream during unregister")
> we have some guarantee that userspace will not be able to access any of
> our internal structures after disconnect().
> 
> This means that we can do the cleanup at the end of disconnect and make
> the code more resilient to races.
> 
> This change will also enable the use of devres functions in more parts
> of the code.

That's the wrong direction, let's not go there, especially given that
this doesn't fix anything. Strong nack on my side, especially given how
many of your previous patches introduced race conditions. It's not
broken, don't touch it. A better use of your time would be to fix the
unplug race issue at the subsystem level.

> Signed-off-by: Ricardo Ribalda <ribalda@...omium.org>
> ---
>  drivers/media/usb/uvc/uvc_driver.c | 24 +++++-------------------
>  drivers/media/usb/uvc/uvcvideo.h   |  1 -
>  2 files changed, 5 insertions(+), 20 deletions(-)
> 
> diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c
> index a96f6ca0889f..2735fccdf454 100644
> --- a/drivers/media/usb/uvc/uvc_driver.c
> +++ b/drivers/media/usb/uvc/uvc_driver.c
> @@ -1868,16 +1868,12 @@ static int uvc_scan_device(struct uvc_device *dev)
>  /*
>   * Delete the UVC device.
>   *
> - * Called by the kernel when the last reference to the uvc_device structure
> - * is released.
> - *
> - * As this function is called after or during disconnect(), all URBs have
> + * As this function is called during disconnect(), all URBs have
>   * already been cancelled by the USB core. There is no need to kill the
>   * interrupt URB manually.
>   */
> -static void uvc_delete(struct kref *kref)
> +static void uvc_delete(struct uvc_device *dev)
>  {
> -	struct uvc_device *dev = container_of(kref, struct uvc_device, ref);
>  	struct list_head *p, *n;
>  
>  	uvc_status_cleanup(dev);
> @@ -1919,14 +1915,6 @@ static void uvc_delete(struct kref *kref)
>  	kfree(dev);
>  }
>  
> -static void uvc_release(struct video_device *vdev)
> -{
> -	struct uvc_streaming *stream = video_get_drvdata(vdev);
> -	struct uvc_device *dev = stream->dev;
> -
> -	kref_put(&dev->ref, uvc_delete);
> -}
> -
>  /*
>   * Unregister the video devices.
>   */
> @@ -2009,7 +1997,7 @@ int uvc_register_video_device(struct uvc_device *dev,
>  	vdev->v4l2_dev = &dev->vdev;
>  	vdev->fops = fops;
>  	vdev->ioctl_ops = ioctl_ops;
> -	vdev->release = uvc_release;
> +	vdev->release = video_device_release_empty;
>  	vdev->prio = &stream->chain->prio;
>  	if (type == V4L2_BUF_TYPE_VIDEO_OUTPUT)
>  		vdev->vfl_dir = VFL_DIR_TX;
> @@ -2045,7 +2033,6 @@ int uvc_register_video_device(struct uvc_device *dev,
>  		return ret;
>  	}
>  
> -	kref_get(&dev->ref);
>  	return 0;
>  }
>  
> @@ -2160,7 +2147,6 @@ static int uvc_probe(struct usb_interface *intf,
>  	INIT_LIST_HEAD(&dev->entities);
>  	INIT_LIST_HEAD(&dev->chains);
>  	INIT_LIST_HEAD(&dev->streams);
> -	kref_init(&dev->ref);
>  	atomic_set(&dev->nmappings, 0);
>  
>  	dev->udev = usb_get_dev(udev);
> @@ -2300,7 +2286,7 @@ static int uvc_probe(struct usb_interface *intf,
>  
>  error:
>  	uvc_unregister_video(dev);
> -	kref_put(&dev->ref, uvc_delete);
> +	uvc_delete(dev);
>  	return -ENODEV;
>  }
>  
> @@ -2319,7 +2305,7 @@ static void uvc_disconnect(struct usb_interface *intf)
>  		return;
>  
>  	uvc_unregister_video(dev);
> -	kref_put(&dev->ref, uvc_delete);
> +	uvc_delete(dev);
>  }
>  
>  static int uvc_suspend(struct usb_interface *intf, pm_message_t message)
> diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h
> index 07f9921d83f2..feb8de640a26 100644
> --- a/drivers/media/usb/uvc/uvcvideo.h
> +++ b/drivers/media/usb/uvc/uvcvideo.h
> @@ -578,7 +578,6 @@ struct uvc_device {
>  
>  	/* Video Streaming interfaces */
>  	struct list_head streams;
> -	struct kref ref;
>  
>  	/* Status Interrupt Endpoint */
>  	struct usb_host_endpoint *int_ep;
> 
> ---
> base-commit: c7ccf3683ac9746b263b0502255f5ce47f64fe0a
> change-id: 20241105-uvc-rmrefcount-010d98d496c5

-- 
Regards,

Laurent Pinchart

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ